Kibana 7.17.23 and 8.14.2 Security Update (ESA-2024-26)

ismisepaul · January 21, 2025, 10:50am

Kibana allocation of resources without limits or throttling leads to crash (ESA-2024-26)

An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana.

Affected Versions:
Kibana up to 7.17.23 and up to 8.14.2

Solutions and Mitigations:
The issue is resolved in version 7.17.23 and 8.14.2.

Severity: CVSSv3.1: 6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2024-52973

Topic	Replies	Views
Kibana 7.17.23/8.15.0 Security Updates (ESA-2024-32, ESA-2024-33) Security Announcements	1208	January 23, 2025
Kibana 7.17.23/8.14.0 Security Update (ESA-2024-16) Security Announcements	1617	July 30, 2024
Kibana 8.14.0/7.17.22 Security Update (ESA-2024-11) Security Announcements	4465	June 14, 2024
Elasticsearch 7.17.21 and 8.13.3 Security Update (ESA-2024-25) Security Announcements	1759	January 21, 2025
Kibana 8.14.0 Security Update (ESA-2024-15) Security Announcements	4005	June 5, 2024

Kibana 7.17.23 and 8.14.2 Security Update (ESA-2024-26)

Related topics